http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102
--- Comment #7 from Chris Cormack <[email protected]> ---

Not sure about that, Jonathan, since those ones are only used by the API, not rendered in a page. Possibly users of the API might want to interact with the cookie with JavaScript? More likely, since they won't be interacting with it with a browser that understands the httponly flag, it will be ignored.

We could add the flag just in case a user is tricked into going to a page from the API that has been compromised and has XSS in it. Maybe send a follow-up. It can't really hurt to have it in it, I think.
